ruby-lang.org Archives - 12 June 2013, Wednesday

Here you will find information about security issues of Ruby. Reporting Security Vulnerabilities Security vulnerabilities should be reported via an email to [email protected] (the PGP public key), which is a private mailing list. Reported problems will be published after fixes. ...

Now Ruby 1.9.3-p429 is released. We released p426 a few hours earlier, but it had build problems on some platforms. Please use this p429 instead. This release includes a security fix for the bundled DL / Fiddle extensions. Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065) And som...

Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065) There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. This vulnerability has been assigned the CVE identifier CVE-2013-2065. Impact ...

Ruby 2.0.0-p195 is released. This is the first patchlevel release of 2.0.0. This release includes a security fix for the Ruby DL/Fiddle extension. Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065) And there are many bug fixes, some optimizations, and documentation fixes. Downl...

Now Ruby 1.9.3-p426 is released. This release includes a security fix for the bundled DL / Fiddle extensions. Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065) And some small bug fixes are also included. See the tickets and ChangeLog for details. Download You can download this release fro...

In Ruby, everything is an object. Every bit of information and code can be given its own properties and actions. Object-oriented programming calls properties instance variables, and actions are known as methods. Ruby’s pure object-oriented approach is most commonly demon...

Certain members of the Ruby community feel very strongly that you should never use a package manager to install Ruby, and that you should use RVM instead. While the full list of pros and cons is outside the scope of this page, the most basic reason is that most package managers ha...

Unrestricted entity expansion can lead to a DoS vulnerability in REXML. This vulnerability has been assigned the CVE identifier CVE-2013-1821. We strongly recommend upgrading Ruby. Details When reading text nodes from an XML document, the REXML parser can be coerced into allocating ...

The default encoding for Ruby scripts is now UTF-8 [#6679]. Some people report that this affects existing programs, for example some benchmark programs becoming very slow [ruby-dev:46547]. Iconv was removed; it had already been deprecated when M17N was introduced in Ruby 1.9. Use String#...